ATutor

Learning Management Tools







Pages:1 2 3 4 5 6 7 8 9 10 11 12 13 14 15


Login from External Page


  • 2009-07-15 16:18:59

    Login from External Page

    Hello,

    I am looking to add a login script from a page outside of atutor.

    So basically I have created the input fields to match what atutors input fields are and im POSTING it to the login php file. All it does though is takes me back to the login page after submitting the data. Am I missing something?

  • 2009-07-15 16:56:04

    Re: Login from External Page

    Have a look at the comments near the top of the login.php file

    http://atutorsvn.atrc.utoronto.ca/repos/atutor/trunk/docs/login.php

    and view the html source from the demo login page of atutor.ca and copy the HTML of the login form into your page. ...and edit as needed.

    http://www.atutor.ca/atutor/demo.php

  • 2009-07-17 12:01:14

    Re: Login from External Page

    Thank you for getting back so quickly.

    So I'm a little further along now, the actual values are being passed through. However, the login is being refused (but works when i enter it directly of course).

    I've added the onclick="return encrypt_password();" and added the javascript before the form as in the login screen, but still no joy.

  • 2009-07-17 17:14:03

    Re: Login from External Page

    This is the part of the login.php file you need to change. Uncomment the first part, as it suggests, then comment out the second part.

    [php]

    $_user_location = 'public';
    define('AT_INCLUDE_PATH', 'include/');
    require (AT_INCLUDE_PATH.'vitals.inc.php');

    // For security reasons the token has to be generated anew before each login attempt.
    // The entropy of SHA-1 input should be comparable to that of its output; in other words, the more randomness you feed it the better.

    /***
    * Remove comments below to enable a remote login form.
    */
    //if (isset($_POST['token']))
    //{
    // $_SESSION['token'] = $_POST['token'];
    //}
    //else
    //{
    // if (!isset($_SESSION['token']))
    // $_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));
    //}

    /***
    * Add comments 2 lines below to enable a remote login form.
    */
    if (!isset($_SESSION['token']))
    $_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));

    if (isset($_GET['course'])) {
    $_GET['course'] = intval($_GET['course']);
    } else {
    $_GET['course'] = 0;
    }

    [/php]

  • 2009-07-17 17:23:55

    Re: Login from External Page

    ... and these scripts need to be included before the login form. There is a copy of sha-1factory.js with ATutor>.You can either copy it from there, or link to it.

    [php]

    <script language="JavaScript" src="sha-1factory.js" type="text/javascript"></script>

    <script type="text/javascript">
    /*
    * Encrypt login password with sha1
    */
    function encrypt_password() {
    document.form1.form_password_hidden.value = hex_sha1(hex_sha1(document.form1.form_password.value) + '<?php echo $_SESSION['token']; ?>');
    document.form1.form_password.value = "";
    return true;
    }

    function encrypt_password2() {
    document.form2.form_password_hidden.value = hex_sha1(hex_sha1(document.form2.form_password.value) + '<?php echo $_SESSION['token']; ?>');
    document.form2.form_password.value = "";
    return true;
    }

    </script>


    [/php]

  • 2009-08-05 12:41:24

    Re: Login from External Page

    i have created a separate php file test.php and inserted the code as suggested by greg, i also made necessary changes in login.php but login is not possible

    plz guys explain it step wise what to do, this will be a very big help to me

    thank you

  • 2009-08-05 13:04:28

    Re: Login from External Page

    Well... you can hire us to build it for you, or continue experimenting with the info already provided above. Everything you need is already described.

    We don't really have to time create a step by step for you. This type of activity is more for someone with Web development experience, and should be easily adapted from the info above. We don't have the resources to teach basic Web programming here.

    One last tip, make sure you have the sha-1factory.js script saved locally.

  • 2009-08-05 13:18:13

    Re: Login from External Page

    yeah i understand, i will post step by step procedure when i am done.

  • 2009-08-24 12:56:29

    Re: Login from External Page

    Hello,

    I am still having issues...

    My login.php is as follows:

    [php]
    /***
    * Remove comments below to enable a remote login form.
    */
    if (isset($_POST['token']))
    {
    $_SESSION['token'] = $_POST['token'];
    }
    else
    {
    if (!isset($_SESSION['token']))
    $_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));
    }

    /***
    * Add comments 2 lines below to enable a remote login form.
    */
    //if (!isset($_SESSION['token']))
    // $_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));

    //if (isset($_GET['course'])) {
    // $_GET['course'] = intval($_GET['course']);
    //} else {
    // $_GET['course'] = 0;
    //}

    // check if we have a cookie
    if (!$msg->containsFeedbacks()) {
    if (isset($_COOKIE['ATLogin'])) {
    $cookie_login = $_COOKIE['ATLogin'];
    }
    if (isset($_COOKIE['ATPass'])) {
    $cookie_pass = $_COOKIE['ATPass'];
    }
    }
    [/php]


    I have also created a simple external html page. What happens (depending on browser) is it either rejects the login, or doesn't attempt the login and goes straight to the login page.

    Here is the test page:


    <?php
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

    <head>
    <title>Access Safety : Login</title>


    </head>

    <body onload="document.form.form_login.focus();">
    <script language="JavaScript" src="pathto/overlib.js" type="text/javascript"></script>
    <script language="JavaScript" src="pathto/sha-1factory.js" type="text/javascript"></script>

    <script type="text/javascript">
    /*
    * Encrypt login password with sha1
    */
    function encrypt_password() {
    document.form.form_password_hidden.value = hex_sha1(hex_sha1(document.form.form_password.value) + "8144688fcb53a53885d05872be936cc6830f3b27");
    document.form.form_password.value = "";
    return true;
    }

    </script>
    <div class="container">

    <div class="column">
    <form action="pathto/login.php" method="post" name="form">
    <input type="hidden" name="form_login_action" value="true" />

    <input type="hidden" name="form_course_id" value="" />
    <input type="hidden" name="form_password_hidden" value="" />


    <div class="input-form" style="background-color:white;">
    <fieldset class="group_form"><legend class="group_form">Login</legend>
    <p>Enter the Login Name and Password you chose when you first registered with the system.</p>

    <label for="login">Login Name or Email</label><br />

    <input type="text" name="form_login" size="50" style="max-width: 80%; width: 80%;" id="login" /><br />

    <label for="pass">Password</label><br />
    <input type="password" class="formfield" name="form_password" style="max-width: 80%; width: 80%;" id="pass" />
    <br /><br />
    <input type="submit" name="submit" value="Login" class="button" onclick="return encrypt_password();" />
    </fieldset>
    </div>
    </form>
    </body>
    </html>
    ?>

  • 2009-09-02 12:37:46

    Re: Login from External Page

    This is a friendly bump.

    Any Thoughts / Suggestions?

  • 2009-09-02 14:35:02

    Re: Login from External Page

    You're missing the function:

    encrypt_password2()

    Ensure the paths to the sha-1factory.js are correct.

    Read the whole thread again.

  • 2010-02-18 09:11:33

    Re: Login from External Page

    Hi, I'm trying to make a Joomla module with a login form for ATutor.

    I guess that everything is ok except that the command [php]<?php echo $_SESSION['token'] ?>[/php] is not giving me a string. I mean, I'm getting:

    [quote]
    <script type="text/javascript">
    /*
    * Encrypt login password with sha1
    */
    function encrypt_password() {
    document.form1.form_password_hidden.value = hex_sha1(hex_sha1(document.form1.form_password.value) + "");
    document.form1.form_password.value = "";
    return true;
    }
    [/quote]

    I have this code on my php:
    [php]
    <?php // no direct access
    defined('_JEXEC') or die('Restricted access'); ?>

    <script type="text/javascript">
    /*
    * Encrypt login password with sha1
    */
    function encrypt_password() {
    document.form1.form_password_hidden.value = hex_sha1(hex_sha1(document.form1.form_password.value) + "<?php echo modLoginNeoHelper::getSes(); ?>");
    document.form1.form_password.value = "";
    return true;
    }

    function encrypt_password2() {
    document.form2.form_password_hidden.value = hex_sha1(hex_sha1(document.form2.form_password.value) + "<?php echo modLoginNeoHelper::getSes(); ?>");
    document.form2.form_password.value = "";
    return true;
    }
    </script>
    <form action="/edu/login.php" method="post" name="form1">
    <input type="hidden" name="form_login_action" value="true" />
    <input type="hidden" name="form_course_id" value="0" />
    <input type="hidden" name="form_password_hidden" value="" />

    <label for="login">Usuario:</label><br />
    <input type="text" name="form_login" size="50" style="max-width: 80%; width: 80%;" id="login" /><br />
    <label for="pass">Contraseña:</label><br />
    <input type="password" class="formfield" name="form_password" style="max-width: 80%; width: 80%;" id="pass" />
    <br /><br />
    <input type="submit" name="submit" value="Ingresar" class="button" onclick="return encrypt_password();" />
    </form>
    [/php]

    I'm gessing that I need to include maybe vitals.inc.php or some file in the /include directory of my ATutor, but when I made that I'm just getting a blank page in my Joomla (maybe Joomla has some variables with the same name and some error is trigged).

    So, do I have to include some php file? what can I do to get the $_SESSION['token'] generated ? I tried with copy/paste some code, but it works just for me in one browser (I know that the token is generated randomly).

    I will apreciate your support.

    PS: I've checked the login.php and it is modified as the documentation saids.

    Thanks !!

    My system:
    Operating system ATutor is installed on - Linux 2.6.18-028stab064.7-PAE
    ATutor version - 1.6.3
    Patch #s applied - 1 and 2
    PHP version - 5.2.11
    MySQL version - 5.0.89-community
    Webserver & version - Apache 2

  • 2010-02-18 09:55:29

    Re: Login from External Page

    The token used in login.php must be the same as the one you use to encrypt password. So, send the token generated in your php to login.php as a post value. Try the code below. I modified a bit from your script.

    2 places are added:
    1. generate token at the beginning, use it in encrypt_password()
    2. embed the token in "form1" as a hidden value.

    [php]<?php // no direct access
    defined('_JEXEC') or die('Restricted access');

    $token = modLoginNeoHelper::getSes();
    ?>

    <script type="text/javascript">
    /*
    * Encrypt login password with sha1
    */
    function encrypt_password() {
    document.form1.form_password_hidden.value = hex_sha1(hex_sha1(document.form1.form_password.value) + "<?php echo $token ?>");
    document.form1.form_password.value = "";
    return true;
    }

    </script>
    <form action="/edu/login.php" method="post" name="form1">
    <input type="hidden" name="form_login_action" value="true" />
    <input type="hidden" name="form_course_id" value="0" />
    <input type="hidden" name="form_password_hidden" value="" />
    <input type="hidden" name="token" value="<?php echo $token; ?>" />

    <label for="login">Usuario:</label><br />
    <input type="text" name="form_login" size="50" style="max-width: 80%; width: 80%;" id="login" /><br />
    <label for="pass">Contraseña:</label><br />
    <input type="password" class="formfield" name="form_password" style="max-width: 80%; width: 80%;" id="pass" />
    <br /><br />
    <input type="submit" name="submit" value="Ingresar" class="button" onclick="return encrypt_password();" />
    </form>
    [/php]

  • 2010-02-18 10:34:52

    Re: Login from External Page

    Hi Cindy !!

    Thanks for your message.

    It is still not working. The $token is just empty as before. This is the code:

    [php]
    defined('_JEXEC') or die('Restricted access');

    //include('/home/nsistema/public_html/edu/include/vitals.inc.php');
    class modLoginNeoHelper
    {
    function getSes(){
    $ses=$_SESSION['token'];
    return $ses;
    }

    }
    [/php]

    If I uncomment the include line, I just get a blank page on my Joomla site.

    The Joomla site is on the /public_html and the ATutor is on /public_html/edu/

    What can I do ?

  • 2010-02-18 11:20:25

    Re: Login from External Page

    Hi, you need to generate the token by yourself. I was assuming modLoginNeoHelper::getSes() returns a random token. If not, change the line:

    [php]
    $token = modLoginNeoHelper::getSes();
    [/php]

    to

    [php]
    $token = sha1(mt_rand() . microtime(TRUE));
    [/php]

  • 2010-02-18 13:22:28

    Re: Login from External Page

    It is working now !!

    Thanks a lot :)